PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the server's API key. There are no limits on concurrent connections, message rate, or message size, allowing an unauthenticated attacker to exhaust server resources and drain the victim's OpenAI API credits. This vulnerability is fixed in 4.5.128.
References
| Link | Resource |
|---|---|
| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q5r4-47m9-5mc7 | Exploit Vendor Advisory |
| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q5r4-47m9-5mc7 | Exploit Vendor Advisory |
Configurations
History
17 Apr 2026, 18:33
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:* | |
| First Time |
Praison
Praison praisonai |
|
| References | () https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q5r4-47m9-5mc7 - Exploit, Vendor Advisory |
14 Apr 2026, 15:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q5r4-47m9-5mc7 - |
09 Apr 2026, 22:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-09 22:16
Updated : 2026-04-17 18:33
NVD link : CVE-2026-40116
Mitre link : CVE-2026-40116
CVE.ORG link : CVE-2026-40116
JSON object : View
Products Affected
praison
- praisonai
CWE
CWE-770
Allocation of Resources Without Limits or Throttling